<!doctype html>
<meta http-equiv="content-security-policy" content="img-src 'self'">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body></body>
<script>
  async_test(t => {
    const i = document.createElement("img");

    const target = "http://{{hosts[alt][]}}:{{ports[http][0]}}/content-security-policy/support/fail.png";
    const url = window.origin + "/common/redirect.py?location=" + encodeURIComponent(target);

    window.addEventListener('securitypolicyviolation', t.step_func_done((e) => {
      assert_equals(e.blockedURI, url);
    }));

    i.onload = t.step_func(() => {
      assert_unreached("Img should be blocked.");
    });
    i.src = url;

    document.body.appendChild(i);
  }, "The blocked URI in the security policy violation event should be the original URI before redirects.");
</script>
</html>
